Created on 02-19-2024 09:37 AM Edited on 02-26-2024 03:02 AM By Kate_M
All:
I understand the admin access restrictions - but I don't want anyone to even see that the device is a Fortigate on the WAN. How to do this simply? And - if it's involving CLI mangling of the local policy - is this something on target to be usable in the GUI in the future?
Thanks!
Solved! Go to Solution.
Right - so worked with a colleague on this, trusted networks have to be applied to every System Administrator - or else the system will show the page to other addresses. My mistake for not checking that - thanks for all the help!
Also - we use trusted networks as well for interior management sources (i.e. not allowing certain subnets on the LAN to come in either.)
Then the best thing to do is always disable any management access (ping as well) on WAN interface.
Agree with @AEK
Disable any allowaccess on the WAN facing interfaces, I.E WAN1 & WAN2.
If you do need remote management access, you could lock it down to trusted networks with local in policies.
Right - so worked with a colleague on this, trusted networks have to be applied to every System Administrator - or else the system will show the page to other addresses. My mistake for not checking that - thanks for all the help!
Also - we use trusted networks as well for interior management sources (i.e. not allowing certain subnets on the LAN to come in either.)
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.